Getting Data In

Anonymize only Child Nodes

jmaguire1992
Explorer

Hello,
I was wondering could anyone help me figure out the sed script required and regex to Anonymize child nodes from xml - The difficulty seems to be due to the fact each node takes it's own line within splunk rather than usual single line <testfield> 123 </testfield>. Here is an example of how it appears:

<userDetails> 
<name> 
<testfield> 
123
</testfield> 
</name>
</userDetails>

And the appearance I would want would be something like:

<userDetails> 
 <name> 
 <testfield> 
 xxxx
 </testfield>
 </name>
 </userDetails>

Any help would be great with this - thank you.

James

0 Karma
1 Solution

jmaguire1992
Explorer

I figured it out - Here is the answer for anyone who might need it.

 SEDCMD-testdata_anonymizer = s/(.*)<testfield>[\s\S]*?<\/testfield>.*/\1 <testfield>xxxx<\/testfield>/g

View solution in original post

0 Karma

jmaguire1992
Explorer

I figured it out - Here is the answer for anyone who might need it.

 SEDCMD-testdata_anonymizer = s/(.*)<testfield>[\s\S]*?<\/testfield>.*/\1 <testfield>xxxx<\/testfield>/g

View solution in original post

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.